News Main Menu

malware

malware

A computer at Penn State Abington that contained 739 Social Security numbers (SSNs) was found to be infected with malware that enabled it to communicate with an unauthorized computer outside the network. "We have no reason to believe that this information was accessed by unauthorized individuals, but those affected should be alert in the event that an individual attempts to use their identity," said Sarah Morrow, chief privacy officer for the University.

A computer at Penn State Great Valley that contained 707 Social Security numbers (SSNs) was found to be infected with malware that enabled it to communicate with an unauthorized computer outside the network. The SSNs were found in archived documents related to graduation intention lists from 2001-02.

As soon as the University became aware of the malicious software on this computer, it immediately was taken off line. Although it cannot be determined with certainty that any data was pulled from the computer by the infectious software, the University's policy is to take a cautionary stance and notify individuals who may have been affected.

A computer at Penn State Harrisburg that contained 808 Social Security numbers (SSNs) was found to be infected with malware that enabled it to communicate with an unauthorized computer outside the network. The SSNs were found in archived documents related to conference registrations from 1999 to 2001. "Malware" is short for malicious software and refers to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, worm or other destructive program.

As soon as the University became aware of the malicious software on this computer, it immediately was taken off line. Although it cannot be determined with certainty that any data was pulled from the computer by the infectious software, the University's policy is to take a cautionary stance and notify individuals who may have been affected. This response is in line with the Pennsylvania Breach of Personal Information Notification Act, which went into effect in 2006 and mandates that the University notify anyone whose personally identifiable information is potentially disclosed when a computer is lost or compromised.

Identity theft continues to be a serious problem nationwide, and according to the nonprofit Identity Theft Resource Center, (ITRC) the economic recession may be a cause in the rise in scams, thievery and hacking. Breaches have hit virtually everywhere, including the federal government, major credit card companies, businesses and higher education institutions. Penn State has experienced computer breaches due to malware. The most recent breach occurred in the Student Aid Office in January, when malware exposed 5,600 records containing Social Security Numbers of current and former students. "The scary part is, you don't have to do anything wrong anymore to infect your computer," said Kathy Kimball, senior director in Penn State's Security Operations and Services Office. "The threat has changed such that you do not need to click on anything, just visit a compromised page."

Although most offices are winding down for the holidays, Penn State's privacy office remains active. The University currently is working to notify nearly 30,000 individuals about privacy breaches that may have exposed their personally identifying information. Malware infections to University computers caused all of the breaches, which occurred in the Eberly College of Science (7,758 records), the College of Health and Human Development (6,827 records) and one of Penn State's campuses outside of University Park (roughly 15,000 records).

A computer in the Dickinson School of Law that contained 261 Social Security numbers from an archived class list was found to be infected with malware that enabled it to communicate with an unauthorized computer outside the network. As soon as the University became aware of the malicious software on this computer, it immediately was taken off line. Although it cannot be determined with certainty that any data was pulled from the computer by the infectious software, the University's policy is to take a cautionary stance and notify individuals who may have been affected.

Fraudulent e-mails that appear to be coming from University locations such as administrator@psu.edu, webmail@psu.edu and helpdesk@psu.edu continue to be sent to Penn State faculty, staff and students. These e-mails, which ask recipients to provide their individual user ID and password, are part of a variety of dangerous phishing scams, which have targeted all colleges and universities since 2008. The e-mail messages are NOT sent by administrative offices at Penn State. Do not reply to these messages, as they are not legitimate and could lead to the compromise of your access account, your computer or your data. ITS strongly recommends that the messages be deleted. Anyone who already has replied to one of these fraudulent messages should contact Security Operations and Services (SOS) at 814-863-9533.